BaghdadBasraMosulErbilSulaymaniyahDuhokHalabjaKirkukNajafKarbalaHillahDiwaniyahSamawahNasiriyahAmarahKutBaqubahRamadiTikritFallujahSamarraZakhoRawanduzSoranShaqlawaKoyaChamchamalKalarKifriKhanaqinTuz KhurmatuBaladHitHadithaAnaAl-Qa'imRutbaAl-FawAl-ZubairQurnaAbu Al-KhaseebAl-ChibayishAl-RifaiSuq Al-ShuyukhAli Al-GharbiAl-Majar Al-KabirAl-MishkhabAl-KufaAl-HindiyaAl-MusayyibAl-MahmudiyahAl-TajiAl-MiqdadiyahBalad RuzMandaliSinjarTal AfarBashiqaBartellaAl-HamdaniyaAl-ShirqatBaijiAl-DujailRanyaPenjwinDarbandikhanChomanMergasurAmediAkreBardarashBaghdadBasraMosulErbilSulaymaniyahDuhokHalabjaKirkukNajafKarbalaHillahDiwaniyahSamawahNasiriyahAmarahKutBaqubahRamadiTikritFallujahSamarraZakhoRawanduzSoranShaqlawaKoyaChamchamalKalarKifriKhanaqinTuz KhurmatuBaladHitHadithaAnaAl-Qa'imRutbaAl-FawAl-ZubairQurnaAbu Al-KhaseebAl-ChibayishAl-RifaiSuq Al-ShuyukhAli Al-GharbiAl-Majar Al-KabirAl-MishkhabAl-KufaAl-HindiyaAl-MusayyibAl-MahmudiyahAl-TajiAl-MiqdadiyahBalad RuzMandaliSinjarTal AfarBashiqaBartellaAl-HamdaniyaAl-ShirqatBaijiAl-DujailRanyaPenjwinDarbandikhanChomanMergasurAmediAkreBardarash
Trust Center

Security, privacy & trust at The Setup.

This page is maintained by The Setup to answer common security and privacy questions about our platform. It describes controls that are enabled today; it is not an independent certification.

Shared responsibility

Security is a partnership. Our hosting platform provides infrastructure controls; The Setup configures the application, access, and data practices described below; and every user is responsible for protecting their own account credentials.

Access & authentication

Accounts are protected by email + password authentication with sign-in via a secure hosted auth service. Admin routes are gated by server-side role checks. Passwords are never stored in plaintext.

Encryption in transit

All traffic to the site and API is served over HTTPS with modern TLS. Data between the browser, application, and database is encrypted in transit.

Hosting & platform

The Setup runs on a managed cloud platform with a Postgres database and a globally distributed edge runtime. Row-Level Security policies enforce per-user data access at the database layer.

Data we collect

Account information (email, name, handle), profile content you upload, project and payment activity, and app usage logs. We collect only what's needed to run the marketplace, matching, education, and payments.

How we use data

To run the marketplace, match creators with brands, process payments, deliver certificates, and improve the service. We do not sell your personal data.

Cookies & analytics

We use functional cookies to keep you signed in and remember preferences. Product analytics are limited to what's needed to improve the platform.

Retention & deletion

We keep account data while your account is active, and only as long as needed after that for legal and financial reasons. You can request deletion or export at any time.

Incident response

If a security incident affects your account or data, we will notify affected users and take corrective action. Report a concern using the contacts below.

Subprocessors & integrations

Vendors we rely on to run the service

We share data with vendors only as needed to operate the service. Each vendor is limited to the data required for its role.

VendorPurpose
Managed Cloud PlatformApplication hosting & managed backend
Postgres DatabaseDatabase, authentication & row-level security
CloudflareEdge runtime, CDN & DDoS protection
AI GatewayAI features used inside the platform
Your controls

You're in control of your data

  • Edit your profile at any time
  • Request account or data deletion
  • Export the data you've uploaded
  • Manage which brands can contact you
  • Withdraw consent for optional features
  • Reach a human via email or WhatsApp

Report a security concern

Found a vulnerability, suspicious behaviour, or something that looks wrong? Please contact us directly — we take every report seriously.